Data Classification Services

 

Historically, most companies have shy'd away from implementing enterprise data classification as the process is perceived to be greatly arduous. The adoption of a Data Classification Program, however, is a fundamental and critical step towards effectively managing information enterprise-wide. A common misconception is that technology products / solutions can solely replace the classification process, while in practicality, accurate enterprise data classification is only achievable when applied in a business context and the ownus given back to the business users or data owners.

Below are some challenges and objectives of the Program; and our approach to successfully adopting and implementing Data Classification enterprise-wide.

 

Some Challenges

  • Lack of a complete inventory of systems, applications, data, and corresponding information asset owners.
  • Inadequate classification of data based upon its value to the business.
  • Lack of adequate training & awareness on use of classification policies and schemes.
  • Inability to sustain classification levels through its lifecycle.
  • Lack of automation to operationalize and streamline enterprise-wide data classification.

 

Some Objectives

  • Apply appropriate protection schemes based upon classification levels.
  • Provide for sufficient training & awareness for handling sensitive information.
  • Meet regulatory, legal and privacy requirements for managing sensitive information.
  • Embed secure practices based upon an understanding of tiered classification levels.
  • Provide an understanding of the value of data for intelligent technology implementations.

 

Our Answer

Instantiation or enhancement of a classification program supported through appropriate governance and oversight to achieve user compliance with business objectives. The following Figure illustrates our approach to addressing aspects of a data classification program:

 

How can we help?

We recommend that the most palatable way to successfully implement and enforce a Data Classification Program, is by leveraging your existing Information Security and Risk Management Programs by enhancing them by including provisions for Information Protection.

Specifically, we can help effectively implement a Data Classification Program with the following:

 

  • Data Classification Program Assessment - We can help you assess the current state of your data classification policies, practices, and implementations, that will align against a future state best practice ‘data classification program’. The outcome of this assessment will give you a realization of gaps between your current and future state Program. Based upon gaps identified, we can develop a roadmap for enterprise data classification that is aligned against industry best practices and our Information Protection Framework.

  • Data Classification Program Development - We can help you enhance or develop a new data classification program that establishes appropriate oversight, governance, charter, framework, roles and responsibilities and a roadmap for enterprise data classification implementation.

  • Data Classification Policies & Standards Alignment - We can help you enhance or develop a global data classification policy and scheme, and subsequently create a repeatable process for business unit customization for classification policies. Our data classification policy alignment leverages industry best practices, as well as regulatory, privacy and law mandates. Furthermore, we we can help you enhance your existing user training and awareness programs to include data classification modules for high risk business units.

  • Data Classification Technology Evaluation* - There are two family types of data classification technologies available to help automate enterprise data classification. X +1 addresses new un-structured data created on-demand. X -1 addresses existing un-structured and structured data within data repositories.

    We can help you facilitate and accelerate your data classification vendor evaluation based upon our experience with evaluating data classification vendors for your peers; our technical and functional understanding of the vendor capabilities; as well as by leveraging our deep relationships and insight with the vendors. We have intimate knowledge of classification technology as we provide the only data classification service-based technology solution that allows for accurate data classification aligned with business context and understanding.

    Our assistance in this regard can help you refine and help you focus on your business and technical requirements for data classification, and particularly by helping you with Technology Impact Analysis (TIA); targeted workshops for stakeholder socialization and buy-in; and management presentations for project sponsorship and acceptance.

  • Data Classification Program Implementation - We can help you implement your data classification Program in a phased approach. Particularly, we help you identify and prioritize business units needed for data classification based upon determining risk profiles aligned with your risk strategy, and subsequently select one or two as a pilot. With this approach we can either help you manually implement classification leveraging our process enables or leverage technology to accelerate the pilot process.

    If the latter approach is taken above, we can help you prioritize X +1 vs X -1 technology leverage approaches for classification automation; and residually help you with technology selection for pilot implementation. As part of this offering, we are also able to help you design, configure and implement classification technology solutions leveraging our partnership with technology vendors.

 

* To learn more about FirstClassify (X -1) classification technology automation, please visit our FirstClassify® knowledge-base here.

 

Please e-mail us at info@forfendsecurity.com to find out more regarding our data classification services.